Hi, I'm working on Password recovery for ES, following [1].
According to [1], in the sequence of calls to the *UserInformationRecoveryService, *the key generated in one call needs to be passed to the next call for verification. These calls occur in different views, so we need to pass the keys from one view to the next. What is the best way to do this? - passing as url parameters? - storing them in the session? Is there any security concerns related to either approach? Or is there a better way to do this? Any thoughts on this would be helpful. Thank you, Sameera [1] https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions -- *Thanks & Regards,Sameera Jayaratna Software Engineer; **WSO2 Inc. * *lean . enterprise . middleware | http://wso2.com <http://wso2.com> *
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
